Facebook password phishing with DNS manipulation [Tutorial]
Password Phishing can result in enormous decline of identification and user’s private particulars. This could final result in money losses for users and can also prevent them from accessing their personal accounts.
In this write-up, we will see how an attacker can take benefit of manipulating the DNS record for Fb, redirect site visitors to the phishing website page, and seize the account password.
Facebook password phishing
Here, we will see how an attacker can choose benefit of manipulating the DNS document for Fb, redirect site visitors to the phishing webpage, and grab the account password.
First, we have to have to established up a phishing webpage.
You have to have not be an specialist in website programming. You can very easily Google the methods for planning a phishing account.
- To build a phishing page, to start with open up your browser and navigate to the Fb login web site. Then, on the browser menu, click on on File and then on Save webpage as…. Then, make absolutely sure that you opt for a complete website page from the fall-down menu.
- The output should be an .html file.
- Now let us extract some info right here. Open the Phishing folder from the code information provided with this book. Rename the Fb HTML web page index.html.
- Inside of this HTML, we have to change the login variety. If you look for for action=, you will see it. Here, we change the login type to redirect the ask for into a custom PHP web site termed login.php. Also, we have to modify the ask for method to GET alternatively of Article.
- You will see that I have extra a login.php site in the similar Phishing listing. If you open up the file, you will discover the adhering to script:
$benefit) fwrite($handle, $variable) fwrite($tackle, "=") fwrite($cope with, $price) fwrite($take care of, "rn") fwrite($cope with, "rn") fclose($take care of) exit ?>
As quickly as our focus on clicks on the Log In button, we will send out the facts as a GET request to this login.php and we will store the submitted details in our passwords.txt file then, we will shut it.
- Up coming, we will build the passwords.txt file, in which the goal qualifications will be stored.
- Now, we will duplicate all of these documents into varwww and commence the Apache services.
- If we open the index.html website page domestically, we will see that this is the phishing web site that the target will see.
Let us recap definitely immediately what will come about when the goal clicks on the Log In button? As soon as our concentrate on clicks on the Log In button, the target’s credentials will be despatched as GET requests to login.php. Recall that this will transpire for the reason that we have modified the action parameter to ship the qualifications to login.php. Right after that, the login.php will inevitably store the information into the passwords.txt file.
Now, ahead of we get started the Apache services, let me make guaranteed that we get an IP deal with.
- Enter the pursuing command:
ifconfig eth0
You can see that we are jogging on 10.10.10.100 and we will also get started the Apache provider working with:
assistance apache2 commence
- Let’s verify that we are listening on port 80, and the assistance that is listening is Apache:
netstat -antp | grep "80"
Now, let us soar to the focus on side for a next.
In our former area, we have utilised google.jo in our script. In this article, we have already modified our previous script to redirect the Fb website traffic to our attacker equipment. So, all our goal has to do is double-click on on the EXE file. Now, to confirm:
- Allow us get started Wireshark and then begin the seize.
- We will filter on the attacker IP, which is 10.10.10.100:
- Open the browser and navigate to https://www.fb.com/:
At the time we do this, we’re taken to the phishing site instead. Right here, you will see the desired destination IP, which is the Kali IP tackle. So, on the target facet, at the time we are viewing or hitting https://www.fb.com/, we are in essence viewing index.html, which is set up on the Kali machine. Once the target clicks on the login webpage, we will send out the facts as a GET request to login.php, and we will retail store it into passwords.txt, which is presently empty.
- Now, log into your Facebook account utilizing your username and password. and jump on the Kali aspect and see if we get something on the passwords.txt file. You can see it is nonetheless empty. This is since, by default, we have no permission to publish data. Now, to resolve this, we will give all information comprehensive privilege, that is, to browse, produce, and execute:
chmod -R 777 /var/www/
Observe that we manufactured this, since we are operating in a VirtualBox environment. If you have a net server exposed to the public, it is undesirable apply to give complete permission to all of your information owing to privilege escalation attacks, as an attacker may add a destructive file or manipulate the files and then browse to the file locale to execute a command on his personal.
- Now, following offering the authorization, we will quit and start the Apache server just in circumstance:
services apache2 end company apache2 start off
- Soon after carrying out this modification, go to the target device and test to log into Fb one a lot more time. Then, go to Kali and click on on passwords.txt. You will see the submitted information from the focus on facet, and we can see the username and the password.
In the finish, a good indication for a phishing exercise is missing the https indicator.